Advice Goddess Blog
« Previous | Home | Next »

Oopsy!
The TSA -- or should we call it the TMA (Transportation Monkeys Administration)? -- lost a hard drive the other day, with THOUSANDS of employees bank and payroll data on it. 100,000, that is. Luckily, it was encrypted, right? Uh, not exactly. Uh, no. Thomas Frank writes in USA Today:

The TSA said it does not know if the external hard drive was stolen or lost inside the agency. The portable drive contains the bank account numbers, Social Security numbers, names and birth dates of people who worked at the TSA between January 2002 and August 2005, the TSA said in a statement on its website.

The TSA said it learned that the hard drive was missing Thursday, and told employees in an email sent Friday at around 6:45 p.m.

Don Thomas, a TSA screener in Orlando, was enraged that he did not find out sooner. "It's totally unacceptable. Who are they to hold this information back from people?" Thomas said Friday night as he was contacting his banks to tell them to block withdrawals from his accounts. "All it takes is 30 seconds to wipe you out. They [TSA officials] don't care about their screeners."

...In August, the TSA notified 1,195 former workers that forms containing their names and Social Security numbers may have been mailed to the wrong former workers. Last May, the records of 26 million military personnel were potentially compromised when a laptop was stolen from the home of a Department of Veterans Affairs employee. The computer was recovered without any reported data breach.

The TSA will provide workers whose information was lost with a year of theft protection and monitoring.

Paid for by...the people whose butts they're looking up at airports, I'm sure!

If you live in California, or anywhere else where you can freeze your credit, I highly recommend it. Here's the deal:

If you live in California, you have the right to put a "security freeze" on your credit file. A security freeze means that your file cannot be shared with potential creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts without first checking a consumer's credit history. If your credit files are frozen, even someone who has your name and Social Security number would probably not be able to get credit in your name.

A security freeze is free to identity theft victims who have a police report of identity theft. If you are not an identity theft victim, it will cost you $10 to place a freeze with each credit bureau. That’s a total of $30 to freeze your files.

How do I place a security freeze?
To place a freeze, you must write to each of the three credit bureaus. You must provide identifying information. If you are an identity theft victim, provide a copy of your police report (or DMV investigative report) of identity theft. Otherwise provide payment of $10 to each of the credit bureaus.

Write to the addresses below or use the same letters on the Identity Theft page of the Office of Privacy Protection Web site.

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348

* Send by certified mail.
* Include name, current and former address, Social Security number, and date of birth.
* Pay by check, money order, or credit card (Visa, Master Card, American Express or Discover only). Give name of credit card, account number, and expiration date.

Experian Security Freeze
P. O. Box 9554
Allen, TX 75013

* Send by certified mail.
* Include full name, with middle initial and Jr./Sr., etc.
* Include current address and home addresses for past five years, Social Security number, birth date, and two proofs of residence (copy of driver license, utility bill, insurance statement, bank statement).
* Pay by check, money order or credit card. Give name of credit card, account number and expiration date.

TransUnion Security Freeze
P. O. Box 6790
Fullerton, CA 92834-6790

* Send by regular or certified mail.
* Include first name, middle initial, last name, Jr., etc.
* Current home address and addresses for past five years, Social Security number, and birth date.
* Pay by check, money order or credit card. Give name of credit card, account number and expiration date.

Can I open new credit accounts if my files are frozen?
Yes. If you want to open a new credit account or get a new loan, you can lift the freeze on your credit file. You can lift it for a period of time. Or you can lift it for a specific creditor. After you send your letter asking for the freeze, each of the credit bureaus will send you a Personal Identification Number (PIN). You will also get instructions on how to lift the freeze. You can lift the freeze by phone, using your PIN. The credit bureaus must lift your freeze within three days. The fee for lifting the freeze temporarily is $10 for a date-range lift and $12 for a lift for a specific creditor.

Posted by aalkon at July 18, 2007 9:08 AM

Comments

Why does it seem that the organizations that have the most onerous security requirements imposed upon them (banks, credit card companies, federal security bureaus) seem to "lose" sensitive data more often than anyone else?

Is there some level of enhanced incompetence in these organizations, or is it a deliberate method of gathering more marketing information?

Posted by: brian at July 18, 2007 6:29 AM

It's called they don't care about their customers - they just see them as a necessary evil for making money. Not that, knowing human nature, that's a surprise...but there's value in doing business well. I hope more companies start to recognize that. Apple computer is an example of a company that does. I've had Applecare for years (I can't remember if I had it on my first Mac, bought in 1985 on the University of MIchigan student discount). Maybe it wasn't invented then. But, there's a world of difference between their care program and HP's, for example, which I had on a portable printer, and which is especially bad. P.S. If you have HP's care, and you get a jerk named Walter from some foreign country on the line, hang up and call back.

Posted by: Amy Alkon at July 18, 2007 7:29 AM

I love that Walter's scrape (1993? 1997?) still burns.

Posted by: Crid at July 18, 2007 9:36 AM

Your mistake was in buying HP's consumer-grade equipment. That support is outsourced to script-jockeys.

Their business machine support is top-notch.

Posted by: brian at July 18, 2007 9:51 AM

The TSA continues its track record of mind-boggling ineptitude. How freakin' hard is it to encrypt an external hard drive with nearly unbreakable security (actually, I know this one: it's NOT). Their only real competence is in wasting our time with ineffective security measures.

Posted by: justin case at July 18, 2007 10:53 AM

A couple weeks ago I received free (free! free!) copies of my credit report by going to

https://www.annualcreditreport.com/

Don't be fooled by the multi-ethnic ribbon of smiles at the top of the page. The credit reporting agences were compelled by law to offer this service. But it works... I actually did it over the phone, because I wanted paper mailings.

When you get the report, you won't actually see you score, because that's their intellectual property. But you can see what they base it on and will know to correct any errors. To actually learn what numbers they give you. it'll cost 8 bucks or something.

Anyway, that's if you're lazy like me. Amy's advice about this is spot on, and everyone south of Donald Trump income-wise to listen to her.

(By the way, my numbers were excellent. Equifax called me "Snow White" and pinched my cheek. Trans-union offered to take me out for drinks. Mr Experian himself tried to give me a reach-around... I have really, really good credit.)

(By the way Amy, to freeze an account you only need to give one of your credit card numbers, not all of them, right?)

Posted by: Crid at July 18, 2007 11:15 AM

By the way, everyone should follow that link just to see the banner. It's the absolute archetype of the form.

White guys are just solders and doctors, doing the dirty jobs that nobody else wants! It's not like they're the oppressive man or anything! It's all the other ethnic types who are making money and having sex! Don't worry about it, the credit agencies are forces of subjugation or anything! Nothing to worry about!

Posted by: Crid at July 18, 2007 11:21 AM

Crid, I hope you refused the Experian reach-around. It's not as pleasant as you might think.

The credit bureaus sure do have it good, though. They make money on your info by making it available to prospective creditors, or they make money on you by charging you not to make it available. Win-win!

Posted by: justin case at July 18, 2007 11:47 AM

>>Why does it seem that banks, credit card companies, federal security bureaus seem to "lose" sensitive data more often than anyone else?

I suspect other companies lose it just as often, but "obscure Virginia mortuary loses customer database" doesn't usually make the CNN crawl. It's only big news when banks, feds and the like do it. Still, the rate at which these agencies "lose" hard drives full of other peoples' SSNs and account numbers is appalling.

Posted by: Gary S. at July 18, 2007 2:53 PM

I paid by check so I'd have a printed record of the transaction with their stamp that they'd received it.

I remember Walter because the experience was so outrageously bad.

And I bought an HP because I needed a portable printer, and the only ones out at the time were an HP and a Canon, and if you're buying a printer, and you're frugal like me, you think about how much the ink costs. (With inkjet printers, it's like drugs -- the "the first bag is free" principle...the printer is cheap, they getcha on the ink.)

While we're on ink, however, that's yet another item I've managed to get cheaper and cheaper on eBay. I have been using Gregg's HP Laserjet 1300 since my last printer committed suicide...or something. It was messy, I'm trying to forget.

Anyway, the high-yield HP cartridge for my printer is $90 at Office Max. I just got two no-name high-yields for $55 with shipping. That's 27 each.

And while we're on eBay tech bargains, my Motorola phone that I use in Paris has a dead or almost dead battery. It's really old in cellphone terms (and very cute) and wasn't really available in the USA, I don't think.

http://www.mobile-review.com/review/motorola-t191-en.shtml

Anyway, I got a battery for it on eBay. It was either $49 or 49 eu elsewhere. For me? $3.33 plus $8.95 shipping. Remarkable!

Posted by: Amy Alkon at July 19, 2007 7:49 PM

Leave a comment